Information security in private blockchains

The InfoSec implications of using a blockchain rather than a centralized database to store inter-company information.

Published in: Technology

  1. Information security in private blockchains
     Dr Gideon Greenspan, Founder and CEO
  2. Overview
     • Blockchain databases
     • Internal risks
     • External risks
     • Mitigation strategies
     • Summary
  3. Centralized databases
     [Diagram labels: Client, Server, Client, Request]
  4. Blockchain databases
     [Diagram labels: Node, Node, Node, Node, Transaction, Block]
  5. Blockchain databases
     [Diagram labels: Node, Node, Node, Node, Transaction, Block, Blockchain]
     Consensus created by validator nodes
  6. Ledgers in regular databases

     | Account number | Balance |
     |---|---|
     | 04823872 | £ 229.94 |
     | 20956298 | £ 431.05 |
     | 38103749 | £ 183.67 |

  7. Ledgers in blockchains

     | Public key hash | Balance |
     |---|---|
     | 13B9cMd5Ch9fu6qU494gHTfAPFQfq3ZSGx | £ 229.94 |
     | 1FRZvSBc1cRFbmwbzNhhaQTyRJXRujN2Sq | £ 431.05 |
     | 1HDxhfeoSQmVNzTnZRLe2Z6nJ1LLAuGWpa | £ 183.67 |

  8. Ledgers in blockchains

     | Public key hash | Balance |
     |---|---|
     | 13B9cMd5Ch9fu6qU494gHTfAPFQfq3ZSGx | £ 229.94 |
     | 1FRZvSBc1cRFbmwbzNhhaQTyRJXRujN2Sq | £ 146.83 |
     | 1FRZvSBc1cRFbmwbzNhhaQTyRJXRujN2Sq | £ 284.22 |

     Multiple entries for one account ⇒ concurrent distributed transactions
  9. Internal risks: regular node
     • What can a bad regular node do?
       ⤫ Spend somebody else’s money
       ⤫ Create more money
       ⤫ Spend own money twice
       ⤫ Flood the network (denial of service)
       ⤫ Censor transactions
     • Why are we so confident?
       ✓ 7 years of bitcoin history
  10. Internal risks: validator node
      • What can a bad validator node do?
        ⤫ Spend somebody else’s money
        ⤫ Create more money
        ⤫ Spend own money twice
        ⤫ Flood the network (denial of service)
        ⤫ Censor transactions
        ✓ Delay transaction confirmation
        ✓ Resolve conflicts with bias
  11. Internal risks: validator majority
      • What can a bad validator majority do?
        ⤫ Spend somebody else’s money
        ⤫ Create more money
        ⤫ Spend own money twice
        ⤫ Flood the network (denial of service)
        ✓ Censor transactions
        ✓ Delay transaction confirmation
        ✓ Resolve conflicts with bias
  12. External risks: network violation
      ⤫ Denial of service
        – Peer-to-peer resilience
      ⤫ Wiretapping
        – Handshaking with digital signatures
        – Extend to encrypted communication
      ⤫ Spoofing / Man-in-the-middle
        – Impossible without key compromise
        – Transaction source irrelevant anyway
  13. External risks: host violation

      | | Blockchain node | Centralized client | Centralized server |
      |---|---|---|---|
      | Read mine | ✓ | ✓ | ✓ |
      | Read all | ✓ | ✕ | ✓ |
      | Write mine | ✓ | ✓ | ✓ |
      | Write all | ✕ | ✕ | ✓ |

  14. Mitigation: Cold storage
      • Offline “cold” private key (air gapped)
        – Most funds stored in cold address
        – Refill “hot” address as necessary
      http://bitcoingarden.tk/trezor-the-hardware-bitcoin-wallet/
  15. Mitigation: Multisignature
      • Lock funds under n different keys
        – Stored on different nodes/devices
      • Require m of those keys to spend
        – Special type of ledger entry
      • Variations:
        – 1 of 2 for key loss
        – 2 of 2 for host security
        – 2 of 3 for escrow
  16. Blockchain security: summary
      Confidentiality ▼ Integrity ▲ Availability ▲ *
      * Watch: zero-knowledge proofs
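
The m-of-n rule from slide 15, as an added example that is not part of the original deck: a ledger entry lists n public key hashes and can be spent only when m distinct listed keys have signed the exact transaction. Lamport one-time hash-based signatures stand in for the chain's real signature scheme so the code needs only the standard library; `can_spend`, the entry layout and the transaction bytes are assumptions made for illustration.

```python
import hashlib, os

H = lambda b: hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key (stand-in scheme): 256 secret pairs, public key = their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def key_hash(pk):
    # The ledger names a public key hash, not the key itself.
    return H(b"".join(a + b for a, b in pk)).hex()

def can_spend(entry, tx, witnesses):
    # witnesses: (public key, signature) pairs; each listed key counts once.
    approved = set()
    for pk, sig in witnesses:
        kh = key_hash(pk)
        if kh in entry["key_hashes"] and verify(pk, tx, sig):
            approved.add(kh)
    return len(approved) >= entry["m"]

def demo():
    keys = [keygen() for _ in range(3)]  # buyer, seller, arbiter
    entry = {"m": 2, "key_hashes": [key_hash(pk) for _, pk in keys]}  # hypothetical layout
    tx = b"pay 146.83 to seller"  # constructed transaction bytes
    w = [(pk, sign(sk, tx)) for sk, pk in keys]
    out_sk, out_pk = keygen()  # key that is not listed in the entry
    return {
        "one_key": can_spend(entry, tx, [w[0]]),
        "same_key_twice": can_spend(entry, tx, [w[0], w[0]]),
        "two_keys": can_spend(entry, tx, [w[0], w[2]]),
        "outsider": can_spend(entry, tx, [w[0], (out_pk, sign(out_sk, tx))]),
        "altered_tx": can_spend(entry, b"pay 146.83 to thief", [w[0], w[2]]),
    }

if __name__ == "__main__":
    print(demo())
```

Only the `two_keys` case passes: a single compromised host, the same key presented twice, an unlisted key, or valid signatures replayed on a different transaction all fall short of the 2-of-3 threshold.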